Set up Yii 2 on my server

Hi, I just started trying Yii.

I am reading the Definitive Guide to Yii 2.0.

The guide advises pointing the document root of the web server to Yii's ‘basic/web’ folder.

Does that mean opening will open yii application?

If so, I don't want to do that.

My server is hosting multiple websites/web apps. Each has its own folder in the document root of my web server.

Accessing will open my company website.

Each web app/other website is accessed through a different subdomain on our server.

I can create a subdomain for my Yii ‘basic/web’ folder, but the guide says:

By setting basic/web as the document root, you also prevent end users from accessing your private application code and sensitive data files that are stored in the sibling directories of basic/web. Denying access to those other folders is a security improvement.

So my question is: how do I achieve this security improvement without pointing my web server's document root to the Yii ‘basic/web’ folder? Because if I just point a subdomain to the Yii ‘basic/web’ folder, the other files/folders outside of ‘basic/web’ are still accessible through the web.

I did read the guide on Shared Hosting Environment but don't really understand it. One of the instructions in that topic is:

If you can write to the root level directory i.e. where config, logs and www are, then upload assets, commands etc. as is to the root level directory

1) Does "etc." mean everything, including all files in the Yii folder except the web folder?

2) If I need to do this, I hope I can put all of those items in a single folder in the root-level directory, because I don't want them to mix with other folders.

Hope someone can help, thanks.


You could use, for example, .htaccess to redirect everything to your_project/web


Put this file named ".htaccess" in your app root-folder.

RewriteEngine On

RewriteRule ^(/)?$ web [L]

This should redirect every access to "" to ""

If anyone has better solutions, please feel free to share.


Hi, thanks for your advice, I will try your solution.

I'm just curious whether this .htaccess method is as secure as putting the files mentioned previously outside of the document root?

Anyway, thanks again.

It seems that I need to put an .htaccess in each Yii folder outside of ‘basic/web’. I can use this solution for now, but it would be great if someone could come up with a better solution.


If I’m not totally wrong, you could also use a combination of virtual host configuration and, for example, symlinks.

(Just google "Virtual host")

Then you can manage that every access to:

Leads to your respective project-web folder.


There are no rules for the directory structure of your application hardcoded in the framework. There are some conventions and defaults, but they can be overridden easily. Rearrange your directories as you need (e.g. move all directories except "web" into a "protected" directory, in the Yii1 way), then

  • look for *Path properties of yii\web\Application and configure them as necessary

  • set config.vendor-dir and extra.asset-installer-paths.bower-asset-library in your composer.json

  • other changes may be required but you will figure it out.

Strance, try this:

RewriteEngine On 

RewriteCond %{REQUEST_FILENAME} !-f 

RewriteRule ^(.*)$ /web/$1 [QSA,L]

Your solution works well, but is this as secure as moving the other folders outside of the document root?

I did move the other folders outside of the document root and modified the require statement in web/index.php, and it works, but I don't understand your instruction about

- look for *Path properties of yii\web\Application and configure them as necessary

I did open the URL but don't know what to look for on that page. The path properties you mention, are they $basePath, $layoutPath and $viewPath?

- set config.vendor-dir and extra.asset-installer-paths.bower-asset-library in your composer.json

Care to explain a bit more? Anyway, thanks for the advice; I’ll try to search more on the internet in the meantime.

Yes. In my opinion - it is quite secure.
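
The guide's recommendation (document root at basic/web) applied to the multi-site server described in this thread, as an added example that is not from the guide or from any poster. It assumes Apache 2.4; the paths under /var/www, the host name yii.example.com and the port are constructed placeholders.

```apache
# Added example: paths, host name and port are constructed assumptions.
#
#   /var/www/html/            main document root (company site, other apps)
#   /var/www/apps/basic/      Yii app root: config/, runtime/, vendor/, ...
#   /var/www/apps/basic/web/  the only app directory Apache serves

# Preferred: app root outside the main document root, subdomain points at web/
<VirtualHost *:80>
    ServerName yii.example.com
    DocumentRoot "/var/www/apps/basic/web"

    <Directory "/var/www/apps/basic/web">
        Require all granted
        AllowOverride None

        # Only needed for pretty URLs: send requests that are not an
        # existing file or directory to the entry script.
        RewriteEngine on
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule . index.php
    </Directory>
</VirtualHost>

# Fallback: the app has to stay inside the main document root, for example
# at /var/www/html/basic. A rewrite guarded by "RewriteCond ... !-f" is
# skipped for files that exist, so it does not by itself stop direct
# requests for files next to web/. Deny the app root, then re-open web/.
<Directory "/var/www/html/basic">
    Require all denied
</Directory>
<Directory "/var/www/html/basic/web">
    Require all granted
</Directory>
```

Run `apachectl configtest` before reloading, then request a file that sits next to web/ (such as composer.json) through each host name and confirm the server answers 403 or 404.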